Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1058 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 7.5 HIGH | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of a host that is allowed to obtain the license. | |||||
| CVE-2001-0772 | 1 Hp | 1 Hp-ux | 2017-12-19 | 4.6 MEDIUM | N/A |
| Buffer overflows and other vulnerabilities in multiple Common Desktop Environment (CDE) modules in HP-UX 10.10 through 11.11 allow attackers to cause a denial of service and possibly gain additional privileges. | |||||
| CVE-2001-0029 | 1 Igor Khasilev | 1 Oops Proxy Server | 2017-12-19 | 10.0 HIGH | N/A |
| Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other versions) allows remote attackers to execute arbitrary commands via a long host or domain name that is obtained from a reverse DNS lookup. | |||||
| CVE-2001-0030 | 1 Smartstuff | 1 Foolproof Security | 2017-12-19 | 7.2 HIGH | N/A |
| FoolProof 3.9 allows local users to bypass program execution restrictions by downloading the restricted executables from another source and renaming them. | |||||
| CVE-2001-0031 | 1 Broadvision | 1 One-to-one Enterprise Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| BroadVision One-To-One Enterprise allows remote attackers to determine the physical path of server files by requesting a .JSP file name that does not exist. | |||||
| CVE-2001-0768 | 1 Steve Poulsen | 1 Guildftpd | 2017-12-19 | 4.6 MEDIUM | N/A |
| GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file. | |||||
| CVE-2001-0032 | 1 Eric Rescorla | 1 Ssldump | 2017-12-19 | 10.0 HIGH | N/A |
| Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL. | |||||
| CVE-2001-1057 | 1 Wolfram Research | 1 Mathematica | 2017-12-19 | 5.0 MEDIUM | N/A |
| The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license requests. | |||||
| CVE-2000-1025 | 1 Unify | 1 Ewave Servletexec | 2017-12-19 | 5.0 MEDIUM | N/A |
| eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running. | |||||
| CVE-2001-0776 | 1 Dynfx | 1 Dynfx Mailserver | 2017-12-19 | 5.0 MEDIUM | N/A |
| Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service. | |||||
| CVE-2001-0777 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. | |||||
| CVE-2001-0778 | 1 Omnicron | 1 Omnihttpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). | |||||
| CVE-2001-0782 | 1 Kde | 1 Ktv | 2017-12-19 | 7.2 HIGH | N/A |
| KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. | |||||
| CVE-2001-0783 | 1 Cisco | 1 Tftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. | |||||
| CVE-2001-1052 | 1 Emergenices Personnel Information System | 1 Empris | 2017-12-19 | 7.5 HIGH | N/A |
| Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1051 | 1 Dark Hart Portal | 1 Darkportal-unix | 2017-12-19 | 7.5 HIGH | N/A |
| Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1050 | 1 Cccsoftware | 1 Ccc | 2017-12-19 | 7.5 HIGH | N/A |
| CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. | |||||
| CVE-2001-1047 | 1 Openbsd | 1 Openbsd | 2017-12-19 | 1.2 LOW | N/A |
| Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file descriptors to NULL via a close, or (2) calling dup2 on a file descriptor in one process, then setting the descriptor to NULL via a close in another process that is created via rfork. | |||||
| CVE-2001-0037 | 1 Keware Technologies | 1 Homeseer | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers. | |||||
| CVE-2001-0038 | 1 Metaproducts | 1 Offline Explorer | 2017-12-19 | 5.0 MEDIUM | N/A |
| Offline Explorer 1.4 before Service Release 2 allows remote attackers to read arbitrary files by specifying the drive letter (e.g. C:) in the requested URL. | |||||
| CVE-2001-0808 | 1 Yngve Svendsen | 1 Gnatsweb | 2017-12-19 | 10.0 HIGH | N/A |
| gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter. | |||||
| CVE-2001-0818 | 1 Marty Bochane | 1 Mdbms | 2017-12-19 | 7.5 HIGH | N/A |
| A buffer overflow in the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. | |||||
| CVE-2001-0820 | 1 Gaztek | 1 Ghttp | 2017-12-19 | 7.5 HIGH | N/A |
| Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. | |||||
| CVE-2001-0821 | 1 Dcscripts | 1 Dcshop | 2017-12-19 | 5.0 MEDIUM | N/A |
| The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt. | |||||
| CVE-2001-1045 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. | |||||
| CVE-2001-1044 | 1 Basilix | 1 Basilix Webmail | 2017-12-19 | 7.5 HIGH | N/A |
| Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allow remote attackers to obtain sensitive information such as MySQL passwords and usernames from the mysql.class file. | |||||
| CVE-2001-1042 | 1 Transsoft | 1 Broker Ftp Server | 2017-12-19 | 5.0 MEDIUM | N/A |
| Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. | |||||
| CVE-2001-0044 | 1 Lexmark | 1 Markvision | 2017-12-19 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Lexmark MarkVision printer driver programs allow local users to gain privileges via long arguments to the cat_network, cat_paraller, and cat_serial commands. | |||||
| CVE-2001-0835 | 1 Bradford Barrett | 1 Webalizer | 2017-12-19 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup. | |||||
| CVE-2001-0839 | 1 Ibill Internet Billing Company | 1 Processing Plus | 2017-12-19 | 7.5 HIGH | N/A |
| ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. | |||||
| CVE-2001-1034 | 1 Freebsd | 1 Freebsd | 2017-12-19 | 7.2 HIGH | N/A |
| Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. | |||||
| CVE-2001-1033 | 1 Compaq | 2 Tru64, Trucluster | 2017-12-19 | 5.0 MEDIUM | N/A |
| Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. | |||||
| CVE-2001-1031 | 1 Charles Clark | 1 Meteor Ftpd | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Meteor FTP 1.0 allows remote attackers to read arbitrary files via (1) a .. (dot dot) in the ls/LIST command, or (2) a ... in the cd/CWD command. | |||||
| CVE-2001-1026 | 1 Trend Micro | 1 Interscan Applettrap | 2017-12-19 | 7.5 HIGH | N/A |
| Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs when they are modified in certain ways such as (1) using a double slash (//) instead of a single slash, (2) URL-encoded characters, (3) requesting the IP address instead of the domain name, or (4) using a leading 0 in an octet of an IP address. | |||||
| CVE-2001-0845 | 1 Dec | 4 Dec Openvms, Dec Openvms Alpha, Sevms and 1 more | 2017-12-19 | 4.6 MEDIUM | N/A |
| Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources. | |||||
| CVE-2001-0049 | 1 Watchguard | 1 Soho Firewall | 2017-12-19 | 5.0 MEDIUM | N/A |
| WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to cause a denial of service via a large number of GET requests. | |||||
| CVE-2001-0847 | 1 Lotus | 1 Domino Web Server | 2017-12-19 | 7.5 HIGH | N/A |
| Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID. | |||||
| CVE-2001-1024 | 1 Entrust | 1 Getaccess | 2017-12-19 | 7.5 HIGH | N/A |
| login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. | |||||
| CVE-2001-0849 | 1 Duncan Hall | 1 Viralator | 2017-12-19 | 7.5 HIGH | N/A |
| viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget. | |||||
| CVE-2001-0051 | 1 Ibm | 1 Db2 Universal Database | 2017-12-19 | 7.5 HIGH | N/A |
| IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. | |||||
| CVE-2001-0052 | 1 Ibm | 1 Db2 Universal Database | 2017-12-19 | 2.1 LOW | N/A |
| IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. | |||||
| CVE-2001-1023 | 1 Xcache Technologies | 1 Xcache | 2017-12-19 | 5.0 MEDIUM | N/A |
| Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. | |||||
| CVE-2001-1019 | 1 Seaglass Technologies Inc. | 1 Sglmerchant | 2017-12-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in view_item CGI program in sglMerchant 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTML_FILE parameter. | |||||
| CVE-2001-1018 | 1 Lotus | 1 Domino | 2017-12-19 | 5.0 MEDIUM | N/A |
| Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. | |||||
| CVE-2001-1014 | 1 Michael Boehme | 1 Webdiscount E Shop Online Shop System | 2017-12-19 | 7.5 HIGH | N/A |
| eshop.pl in WebDiscount(e)shop allows remote attackers to execute arbitrary commands via shell metacharacters in the seite parameter. | |||||
| CVE-2001-1013 | 1 Redhat | 1 Linux | 2017-12-19 | 5.0 MEDIUM | N/A |
| Apache on Red Hat Linux with the UserDir directive enabled generates different error codes when a username exists and there is no public_html directory and when the username does not exist, which could allow remote attackers to determine valid usernames on the server. | |||||
| CVE-2001-1012 | 1 Suse | 1 Suse Linux | 2017-12-19 | 7.2 HIGH | N/A |
| Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. | |||||
| CVE-2000-1033 | 1 Cat Soft | 1 Serv-u | 2017-12-19 | 7.5 HIGH | N/A |
| Serv-U FTP Server allows remote attackers to bypass its anti-hammering feature by first logging on as a valid user (possibly anonymous) and then attempting to guess the passwords of other users. | |||||
| CVE-2000-0902 | 1 Nathan Purciful | 1 Phpphotoalbum | 2017-12-19 | 5.0 MEDIUM | N/A |
| getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack. | |||||
| CVE-2001-1000 | 1 Merit | 1 Aaa Radius Server | 2017-12-19 | 2.1 LOW | N/A |
| rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and possibly other versions, allows local users to read arbitrary files via a symlink attack on the rlmadmin.help file. | |||||
